Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- <Auxiliary element>
- C:\Far2\Far.exe
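- display of hidden files (switched off in Explorer; see the reg.exe command below that sets Hidden to 2)
- display of file extensions (switched off in Explorer; see the reg.exe command below that sets HideFileExt to 1)
- User Account Control (UAC) (disabled; see the reg.exe command below that sets EnableLUA to 0)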
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\vowMccoM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\YicAoIsc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\GWUQokEI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nwEEMggI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\AGEkYUgY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\EiEIMkoE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IGEsUIwo.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\UewgEocA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\XoMsAoQM.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\CswMIMIk.bat" "<Full path to virus>""
- C:\RCX5A.tmp
- <Current directory>\VEcc.ico
- <Current directory>\Wsom.exe
- C:\RCX59.tmp
- <Current directory>\vkoo.ico
- <Current directory>\pkAK.exe
- C:\RCX5B.tmp
- <Current directory>\SUkK.ico
- <Current directory>\oYUY.exe
- C:\RCX5D.tmp
- <Current directory>\DsoE.ico
- <Current directory>\DQws.exe
- C:\RCX5C.tmp
- <Current directory>\awcU.exe
- <Current directory>\GwQU.ico
- <Current directory>\KYAC.exe
- C:\RCX56.tmp
- <Current directory>\aIke.ico
- <Current directory>\GEIs.exe
- C:\RCX55.tmp
- <Current directory>\cIAW.ico
- <Current directory>\DscO.exe
- C:\RCX58.tmp
- <Current directory>\EUoe.ico
- <Current directory>\Gsoo.exe
- C:\RCX57.tmp
- <Current directory>\DYYK.ico
- <Current directory>\WoIE.ico
- <Current directory>\dwUG.exe
- C:\RCX64.tmp
- <Current directory>\uEoI.ico
- <Current directory>\RQIw.exe
- C:\RCX63.tmp
- <Current directory>\TwUc.ico
- <Current directory>\NoIE.exe
- C:\RCX66.tmp
- <Current directory>\FAYW.ico
- <Current directory>\sAIu.exe
- C:\RCX65.tmp
- <Current directory>\AEII.ico
- C:\RCX62.tmp
- <Current directory>\goIG.ico
- <Current directory>\lQIS.exe
- C:\RCX5F.tmp
- <Current directory>\mscM.ico
- <Current directory>\zcoC.exe
- C:\RCX5E.tmp
- <Current directory>\SAso.exe
- C:\RCX61.tmp
- <Current directory>\dEUy.ico
- <Current directory>\CkYk.exe
- C:\RCX60.tmp
- <Current directory>\swEi.ico
- <Current directory>\LoMU.exe
- C:\RCX54.tmp
- <Current directory>\foEe.exe
- C:\RCX48.tmp
- <Current directory>\qccy.ico
- <Current directory>\cYcC.exe
- C:\RCX47.tmp
- <Current directory>\dUAA.ico
- <Current directory>\PkIK.exe
- C:\RCX4A.tmp
- <Current directory>\pcwi.ico
- <Current directory>\jYYi.exe
- C:\RCX49.tmp
- <Current directory>\mIUq.ico
- <Current directory>\jQMY.exe
- <Current directory>\Oggw.ico
- C:\RCX43.tmp
- <Current directory>\BEsM.ico
- <Current directory>\uMYC.exe
- C:\RCX42.tmp
- <Current directory>\MIUW.ico
- <Current directory>\UcMS.exe
- C:\RCX44.tmp
- <Current directory>\EUYe.ico
- <Current directory>\eoge.exe
- C:\RCX46.tmp
- <Current directory>\DQAo.ico
- <Current directory>\RwcC.exe
- C:\RCX45.tmp
- <Current directory>\MQcq.exe
- C:\RCX51.tmp
- <Current directory>\iUQU.ico
- <Current directory>\IQkq.exe
- C:\RCX50.tmp
- <Current directory>\Xwsg.ico
- <Current directory>\LccI.exe
- C:\RCX53.tmp
- <Current directory>\tAQO.ico
- <Current directory>\bkgG.exe
- C:\RCX52.tmp
- <Current directory>\vcUA.ico
- <Current directory>\Rggo.exe
- <Current directory>\XgcQ.ico
- C:\RCX4C.tmp
- <Current directory>\OkMC.ico
- <Current directory>\dgEI.exe
- C:\RCX4B.tmp
- <Current directory>\fwAq.ico
- <Current directory>\IsAi.exe
- C:\RCX4D.tmp
- <Current directory>\twEA.ico
- <Current directory>\YIAS.exe
- C:\RCX4F.tmp
- <Current directory>\rQME.ico
- <Current directory>\FIYQ.exe
- C:\RCX4E.tmp
- <Current directory>\dAUW.exe
- C:\RCX7F.tmp
- <Current directory>\jwkQ.ico
- <Current directory>\csEA.exe
- C:\RCX7E.tmp
- <Current directory>\Ossy.ico
- <Current directory>\AAsE.exe
- C:\RCX80.tmp
- <Current directory>\vUMC.ico
- <Current directory>\MQAm.exe
- C:\RCX82.tmp
- <Current directory>\VEsC.ico
- <Current directory>\fMAo.exe
- C:\RCX81.tmp
- <Current directory>\EMUg.exe
- <Current directory>\fkgI.ico
- <Current directory>\tUoU.exe
- C:\RCX7B.tmp
- <Current directory>\dwou.ico
- <Current directory>\nEoI.exe
- C:\RCX7A.tmp
- <Current directory>\yYMQ.ico
- <Current directory>\nAwE.exe
- C:\RCX7D.tmp
- <Current directory>\Ugos.ico
- <Current directory>\YEgy.exe
- C:\RCX7C.tmp
- <Current directory>\XUce.ico
- C:\RCX88.tmp
- <Current directory>\SAYm.ico
- <Current directory>\SwAo.exe
- C:\RCX87.tmp
- <Current directory>\wYky.ico
- <Current directory>\loUG.exe
- C:\RCX89.tmp
- <Current directory>\tMME.ico
- <Current directory>\qgkW.exe
- C:\RCX8B.tmp
- <Current directory>\ZIgQ.ico
- <Current directory>\wUci.exe
- C:\RCX8A.tmp
- <Current directory>\NwIy.exe
- <Current directory>\qEUC.ico
- <Current directory>\xEsI.exe
- C:\RCX84.tmp
- <Current directory>\cAcg.ico
- <Current directory>\UUEE.exe
- C:\RCX83.tmp
- <Current directory>\asUS.ico
- <Current directory>\iMIk.exe
- C:\RCX86.tmp
- <Current directory>\DIsE.ico
- <Current directory>\kMsA.exe
- C:\RCX85.tmp
- <Current directory>\CYIk.ico
- C:\RCX79.tmp
- <Current directory>\coUc.exe
- C:\RCX6D.tmp
- <Current directory>\mcQg.ico
- <Current directory>\MwAW.exe
- C:\RCX6C.tmp
- <Current directory>\gwUI.ico
- <Current directory>\ncEM.exe
- C:\RCX6F.tmp
- <Current directory>\vkkY.ico
- <Current directory>\TIEo.exe
- C:\RCX6E.tmp
- <Current directory>\KMQE.ico
- <Current directory>\bYUo.exe
- <Current directory>\HcUE.ico
- C:\RCX68.tmp
- <Current directory>\DIIg.ico
- <Current directory>\Iwge.exe
- C:\RCX67.tmp
- <Current directory>\IYsQ.ico
- <Current directory>\sUkK.exe
- C:\RCX69.tmp
- <Current directory>\icQM.ico
- <Current directory>\lksY.exe
- C:\RCX6B.tmp
- <Current directory>\hIQW.ico
- <Current directory>\EEoq.exe
- C:\RCX6A.tmp
- <Current directory>\dAcY.exe
- C:\RCX76.tmp
- <Current directory>\RMEi.ico
- <Current directory>\cssM.exe
- C:\RCX75.tmp
- <Current directory>\UcAa.ico
- <Current directory>\PAgi.exe
- C:\RCX78.tmp
- <Current directory>\UsAq.ico
- <Current directory>\BMQe.exe
- C:\RCX77.tmp
- <Current directory>\ksoo.ico
- <Current directory>\zgkw.exe
- <Current directory>\OUUe.ico
- C:\RCX71.tmp
- <Current directory>\fEIe.ico
- <Current directory>\nocG.exe
- C:\RCX70.tmp
- <Current directory>\gsYY.ico
- <Current directory>\bEIi.exe
- C:\RCX72.tmp
- <Current directory>\iYIu.ico
- <Current directory>\uAsa.exe
- C:\RCX74.tmp
- <Current directory>\hsQO.ico
- <Current directory>\fUQk.exe
- C:\RCX73.tmp
- <Current directory>\rAMK.exe
- <Current directory>\nYUY.exe
- C:\RCX11.tmp
- <Current directory>\fcUM.ico
- <Current directory>\IIgy.exe
- C:\RCX10.tmp
- <Current directory>\oQQw.ico
- <Current directory>\WYQs.exe
- C:\RCX13.tmp
- <Current directory>\YEsg.ico
- <Current directory>\lEgs.exe
- C:\RCX12.tmp
- <Current directory>\xkUe.ico
- <Current directory>\bcQI.exe
- <Current directory>\uAca.ico
- C:\RCXC.tmp
- <Current directory>\rwwm.ico
- <Current directory>\pYMy.exe
- C:\RCXB.tmp
- <Current directory>\MYoI.ico
- <Current directory>\sscO.exe
- C:\RCXD.tmp
- <Current directory>\dQco.ico
- <Current directory>\TkMW.exe
- C:\RCXF.tmp
- <Current directory>\MIgO.ico
- <Current directory>\csYC.exe
- C:\RCXE.tmp
- <Current directory>\lAUs.exe
- C:\RCX1A.tmp
- <Current directory>\eYMc.ico
- <Current directory>\RYMe.exe
- C:\RCX19.tmp
- <Current directory>\HkYS.ico
- <Current directory>\vQoo.exe
- C:\RCX1C.tmp
- <Current directory>\xgYg.ico
- <Current directory>\zkoA.exe
- C:\RCX1B.tmp
- <Current directory>\vAsu.ico
- <Current directory>\ggwY.exe
- <Current directory>\KYsa.ico
- C:\RCX15.tmp
- <Current directory>\KscE.ico
- <Current directory>\CQsi.exe
- C:\RCX14.tmp
- <Current directory>\fgQe.ico
- <Current directory>\QcQw.exe
- C:\RCX16.tmp
- <Current directory>\hgYm.ico
- <Current directory>\eMQi.exe
- C:\RCX18.tmp
- <Current directory>\KoQa.ico
- <Current directory>\JUgo.exe
- C:\RCX17.tmp
- <Current directory>\LUwY.exe
- %TEMP%\nwEEMggI.bat
- %TEMP%\IGEsUIwo.bat
- %TEMP%\DWUUkkow.bat
- %TEMP%\vowMccoM.bat
- %TEMP%\mqAUAgQY.bat
- %TEMP%\WoMYoAQU.bat
- %TEMP%\mAsowEII.bat
- <Current directory>\zYAc.exe
- C:\RCX1.tmp
- <Current directory>\YgQO.ico
- %TEMP%\AGEkYUgY.bat
- %TEMP%\EiEIMkoE.bat
- <Current directory>\Lkkk.ico
- %TEMP%\eKkgEooU.bat
- %TEMP%\UewgEocA.bat
- %TEMP%\WCMMsUgU.bat
- %TEMP%\CswMIMIk.bat
- %TEMP%\wMMYEkIQ.bat
- <Current directory>\<Virus name>
- %TEMP%\file.vbs
- %TEMP%\WaoIIkQg.bat
- %TEMP%\GWUQokEI.bat
- %TEMP%\YicAoIsc.bat
- %TEMP%\xKMYQMkw.bat
- %TEMP%\XoMsAoQM.bat
- %TEMP%\ieIEYUgE.bat
- <Current directory>\UgAK.ico
- <Current directory>\NMcw.exe
- C:\RCX8.tmp
- <Current directory>\zkka.ico
- <Current directory>\RAou.exe
- C:\RCX7.tmp
- <Current directory>\wAkU.ico
- <Current directory>\xskU.exe
- C:\RCXA.tmp
- <Current directory>\Nscu.ico
- <Current directory>\yoIC.exe
- C:\RCX9.tmp
- <Current directory>\cwYi.ico
- C:\RCX6.tmp
- <Current directory>\WkYy.exe
- C:\RCX3.tmp
- <Current directory>\sosK.ico
- <Current directory>\FYIQ.exe
- C:\RCX2.tmp
- <Current directory>\yMMY.ico
- <Current directory>\XQQS.exe
- C:\RCX5.tmp
- <Current directory>\iIUS.ico
- <Current directory>\YMcC.exe
- C:\RCX4.tmp
- <Current directory>\QEAO.ico
- <Current directory>\zwku.exe
- C:\RCX1D.tmp
- <Current directory>\bksQ.ico
- <Current directory>\GwQi.exe
- C:\RCX36.tmp
- <Current directory>\KEQS.ico
- <Current directory>\vIkI.exe
- C:\RCX35.tmp
- <Current directory>\MUAW.ico
- <Current directory>\Kwkq.exe
- C:\RCX38.tmp
- <Current directory>\SskU.ico
- <Current directory>\ycco.exe
- C:\RCX37.tmp
- <Current directory>\LkgU.ico
- C:\RCX34.tmp
- <Current directory>\hUoA.exe
- C:\RCX31.tmp
- <Current directory>\YcIS.ico
- <Current directory>\FAIs.exe
- C:\RCX30.tmp
- <Current directory>\AIYI.ico
- <Current directory>\CAIc.exe
- C:\RCX33.tmp
- <Current directory>\sMES.ico
- <Current directory>\gYYG.exe
- C:\RCX32.tmp
- <Current directory>\XUIo.ico
- <Current directory>\LQME.exe
- <Current directory>\IAkM.ico
- <Current directory>\JEAG.exe
- C:\RCX3F.tmp
- <Current directory>\AQcq.ico
- <Current directory>\LUAI.exe
- C:\RCX3E.tmp
- <Current directory>\OQkE.ico
- <Current directory>\iMEM.exe
- C:\RCX41.tmp
- <Current directory>\PsoY.ico
- <Current directory>\LMIs.exe
- C:\RCX40.tmp
- <Current directory>\sIkS.ico
- C:\RCX3D.tmp
- <Current directory>\KMkG.exe
- C:\RCX3A.tmp
- <Current directory>\ucwq.ico
- <Current directory>\rMgm.exe
- C:\RCX39.tmp
- <Current directory>\aIEi.ico
- <Current directory>\KMAM.exe
- C:\RCX3C.tmp
- <Current directory>\GIcu.ico
- <Current directory>\HMkc.exe
- C:\RCX3B.tmp
- <Current directory>\RUwm.ico
- <Current directory>\UAsk.exe
- <Current directory>\sYUg.ico
- C:\RCX23.tmp
- <Current directory>\HsME.ico
- <Current directory>\Ikcu.exe
- C:\RCX22.tmp
- <Current directory>\DwAc.ico
- <Current directory>\zwAk.exe
- C:\RCX24.tmp
- <Current directory>\fMEE.ico
- <Current directory>\HAMu.exe
- C:\RCX26.tmp
- <Current directory>\oIoO.ico
- <Current directory>\ZgQe.exe
- C:\RCX25.tmp
- <Current directory>\ncMo.exe
- <Current directory>\gAYI.ico
- <Current directory>\ekYs.exe
- C:\RCX1F.tmp
- <Current directory>\rwgk.ico
- <Current directory>\aMAo.exe
- C:\RCX1E.tmp
- <Current directory>\TUQK.ico
- <Current directory>\dQsC.exe
- C:\RCX21.tmp
- <Current directory>\hYYU.ico
- <Current directory>\pAMO.exe
- C:\RCX20.tmp
- <Current directory>\gEwU.ico
- C:\RCX2C.tmp
- <Current directory>\FgUu.ico
- <Current directory>\vMka.exe
- C:\RCX2B.tmp
- <Current directory>\IsMy.ico
- <Current directory>\QYcU.exe
- C:\RCX2D.tmp
- <Current directory>\NcYk.ico
- <Current directory>\YsIa.exe
- C:\RCX2F.tmp
- <Current directory>\KwoK.ico
- <Current directory>\ZAUY.exe
- C:\RCX2E.tmp
- <Current directory>\hgoq.exe
- <Current directory>\aQIA.ico
- <Current directory>\DIAw.exe
- C:\RCX28.tmp
- <Current directory>\gQcy.ico
- <Current directory>\jQsm.exe
- C:\RCX27.tmp
- <Current directory>\osgE.ico
- <Current directory>\OMQq.exe
- C:\RCX2A.tmp
- <Current directory>\vQIG.ico
- <Current directory>\AscQ.exe
- C:\RCX29.tmp
- <Current directory>\igMa.ico
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\VEcc.ico
- <Current directory>\DQws.exe
- <Current directory>\vkoo.ico
- <Current directory>\Wsom.exe
- <Current directory>\SUkK.ico
- <Current directory>\zcoC.exe
- <Current directory>\DsoE.ico
- <Current directory>\oYUY.exe
- <Current directory>\pkAK.exe
- <Current directory>\Gsoo.exe
- <Current directory>\cIAW.ico
- <Current directory>\KYAC.exe
- <Current directory>\GwQU.ico
- <Current directory>\awcU.exe
- <Current directory>\EUoe.ico
- <Current directory>\DscO.exe
- <Current directory>\DYYK.ico
- <Current directory>\mscM.ico
- <Current directory>\sAIu.exe
- <Current directory>\TwUc.ico
- <Current directory>\dwUG.exe
- <Current directory>\WoIE.ico
- <Current directory>\dAUW.exe
- <Current directory>\FAYW.ico
- <Current directory>\NoIE.exe
- <Current directory>\AEII.ico
- <Current directory>\uEoI.ico
- <Current directory>\SAso.exe
- <Current directory>\LoMU.exe
- <Current directory>\lQIS.exe
- <Current directory>\goIG.ico
- <Current directory>\dEUy.ico
- <Current directory>\RQIw.exe
- <Current directory>\swEi.ico
- <Current directory>\CkYk.exe
- <Current directory>\aIke.ico
- <Current directory>\qccy.ico
- <Current directory>\jQMY.exe
- <Current directory>\dUAA.ico
- <Current directory>\PkIK.exe
- <Current directory>\pcwi.ico
- <Current directory>\IsAi.exe
- <Current directory>\mIUq.ico
- <Current directory>\jYYi.exe
- <Current directory>\foEe.exe
- <Current directory>\RwcC.exe
- <Current directory>\DQAo.ico
- <Current directory>\uMYC.exe
- <Current directory>\BEsM.ico
- <Current directory>\cYcC.exe
- <Current directory>\Oggw.ico
- <Current directory>\eoge.exe
- <Current directory>\EUYe.ico
- <Current directory>\fwAq.ico
- <Current directory>\iUQU.ico
- <Current directory>\Rggo.exe
- <Current directory>\Xwsg.ico
- <Current directory>\LccI.exe
- <Current directory>\tAQO.ico
- <Current directory>\GEIs.exe
- <Current directory>\vcUA.ico
- <Current directory>\bkgG.exe
- <Current directory>\MQcq.exe
- <Current directory>\FIYQ.exe
- <Current directory>\rQME.ico
- <Current directory>\dgEI.exe
- <Current directory>\OkMC.ico
- <Current directory>\IQkq.exe
- <Current directory>\XgcQ.ico
- <Current directory>\YIAS.exe
- <Current directory>\twEA.ico
- <Current directory>\sUkK.exe
- <Current directory>\csEA.exe
- <Current directory>\jwkQ.ico
- <Current directory>\AAsE.exe
- <Current directory>\Ossy.ico
- <Current directory>\MQAm.exe
- <Current directory>\vUMC.ico
- <Current directory>\fMAo.exe
- <Current directory>\VEsC.ico
- <Current directory>\Ugos.ico
- <Current directory>\fkgI.ico
- <Current directory>\YEgy.exe
- <Current directory>\dwou.ico
- <Current directory>\tUoU.exe
- <Current directory>\XUce.ico
- <Current directory>\EMUg.exe
- <Current directory>\yYMQ.ico
- <Current directory>\nAwE.exe
- <Current directory>\UUEE.exe
- <Current directory>\SwAo.exe
- <Current directory>\SAYm.ico
- <Current directory>\loUG.exe
- <Current directory>\wYky.ico
- <Current directory>\qgkW.exe
- <Current directory>\tMME.ico
- <Current directory>\wUci.exe
- <Current directory>\ZIgQ.ico
- <Current directory>\DIsE.ico
- <Current directory>\qEUC.ico
- <Current directory>\kMsA.exe
- <Current directory>\cAcg.ico
- <Current directory>\xEsI.exe
- <Current directory>\CYIk.ico
- <Current directory>\NwIy.exe
- <Current directory>\asUS.ico
- <Current directory>\iMIk.exe
- <Current directory>\nEoI.exe
- <Current directory>\ncEM.exe
- <Current directory>\mcQg.ico
- <Current directory>\coUc.exe
- <Current directory>\gwUI.ico
- <Current directory>\TIEo.exe
- <Current directory>\vkkY.ico
- <Current directory>\bYUo.exe
- <Current directory>\KMQE.ico
- <Current directory>\HcUE.ico
- <Current directory>\DIIg.ico
- <Current directory>\EEoq.exe
- <Current directory>\IYsQ.ico
- <Current directory>\Iwge.exe
- <Current directory>\icQM.ico
- <Current directory>\MwAW.exe
- <Current directory>\hIQW.ico
- <Current directory>\lksY.exe
- <Current directory>\bEIi.exe
- <Current directory>\PAgi.exe
- <Current directory>\RMEi.ico
- <Current directory>\dAcY.exe
- <Current directory>\UcAa.ico
- <Current directory>\BMQe.exe
- <Current directory>\UsAq.ico
- <Current directory>\zgkw.exe
- <Current directory>\ksoo.ico
- <Current directory>\OUUe.ico
- <Current directory>\fEIe.ico
- <Current directory>\fUQk.exe
- <Current directory>\gsYY.ico
- <Current directory>\nocG.exe
- <Current directory>\iYIu.ico
- <Current directory>\cssM.exe
- <Current directory>\hsQO.ico
- <Current directory>\uAsa.exe
- <Current directory>\MIUW.ico
- <Current directory>\xkUe.ico
- <Current directory>\lEgs.exe
- <Current directory>\fcUM.ico
- <Current directory>\bcQI.exe
- <Current directory>\fgQe.ico
- <Current directory>\CQsi.exe
- <Current directory>\YEsg.ico
- <Current directory>\QcQw.exe
- <Current directory>\WYQs.exe
- <Current directory>\TkMW.exe
- <Current directory>\dQco.ico
- <Current directory>\csYC.exe
- <Current directory>\MIgO.ico
- <Current directory>\nYUY.exe
- <Current directory>\oQQw.ico
- <Current directory>\IIgy.exe
- <Current directory>\uAca.ico
- <Current directory>\KscE.ico
- <Current directory>\vAsu.ico
- <Current directory>\zkoA.exe
- <Current directory>\eYMc.ico
- <Current directory>\ggwY.exe
- <Current directory>\rwgk.ico
- <Current directory>\ekYs.exe
- <Current directory>\xgYg.ico
- <Current directory>\aMAo.exe
- <Current directory>\vQoo.exe
- <Current directory>\eMQi.exe
- <Current directory>\hgYm.ico
- <Current directory>\JUgo.exe
- <Current directory>\KoQa.ico
- <Current directory>\lAUs.exe
- <Current directory>\HkYS.ico
- <Current directory>\RYMe.exe
- <Current directory>\KYsa.ico
- <Current directory>\rwwm.ico
- <Current directory>\Lkkk.ico
- <Current directory>\FYIQ.exe
- %TEMP%\mAsowEII.bat
- <Current directory>\zYAc.exe
- <Current directory>\yMMY.ico
- <Current directory>\XQQS.exe
- <Current directory>\YgQO.ico
- <Current directory>\WkYy.exe
- %TEMP%\DWUUkkow.bat
- %TEMP%\xKMYQMkw.bat
- %TEMP%\ieIEYUgE.bat
- %TEMP%\wMMYEkIQ.bat
- %TEMP%\WCMMsUgU.bat
- %TEMP%\mqAUAgQY.bat
- %TEMP%\WoMYoAQU.bat
- %TEMP%\WaoIIkQg.bat
- %TEMP%\eKkgEooU.bat
- <Current directory>\sosK.ico
- <Current directory>\cwYi.ico
- <Current directory>\LUwY.exe
- <Current directory>\wAkU.ico
- <Current directory>\xskU.exe
- <Current directory>\MYoI.ico
- <Current directory>\pYMy.exe
- <Current directory>\Nscu.ico
- <Current directory>\sscO.exe
- <Current directory>\yoIC.exe
- <Current directory>\YMcC.exe
- <Current directory>\iIUS.ico
- <Current directory>\zwku.exe
- <Current directory>\QEAO.ico
- <Current directory>\NMcw.exe
- <Current directory>\UgAK.ico
- <Current directory>\RAou.exe
- <Current directory>\zkka.ico
- <Current directory>\gAYI.ico
- <Current directory>\MUAW.ico
- <Current directory>\Kwkq.exe
- <Current directory>\bksQ.ico
- <Current directory>\ycco.exe
- <Current directory>\SskU.ico
- <Current directory>\KMkG.exe
- <Current directory>\LkgU.ico
- <Current directory>\rMgm.exe
- <Current directory>\GwQi.exe
- <Current directory>\LQME.exe
- <Current directory>\XUIo.ico
- <Current directory>\CAIc.exe
- <Current directory>\YcIS.ico
- <Current directory>\vIkI.exe
- <Current directory>\KEQS.ico
- <Current directory>\gYYG.exe
- <Current directory>\sMES.ico
- <Current directory>\aIEi.ico
- <Current directory>\OQkE.ico
- <Current directory>\iMEM.exe
- <Current directory>\IAkM.ico
- <Current directory>\LMIs.exe
- <Current directory>\PsoY.ico
- <Current directory>\UcMS.exe
- <Current directory>\sIkS.ico
- <Current directory>\rAMK.exe
- <Current directory>\JEAG.exe
- <Current directory>\UAsk.exe
- <Current directory>\RUwm.ico
- <Current directory>\KMAM.exe
- <Current directory>\ucwq.ico
- <Current directory>\LUAI.exe
- <Current directory>\AQcq.ico
- <Current directory>\HMkc.exe
- <Current directory>\GIcu.ico
- <Current directory>\AIYI.ico
- <Current directory>\oIoO.ico
- <Current directory>\HAMu.exe
- <Current directory>\HsME.ico
- <Current directory>\ZgQe.exe
- <Current directory>\gQcy.ico
- <Current directory>\DIAw.exe
- <Current directory>\fMEE.ico
- <Current directory>\jQsm.exe
- <Current directory>\Ikcu.exe
- <Current directory>\dQsC.exe
- <Current directory>\gEwU.ico
- <Current directory>\pAMO.exe
- <Current directory>\TUQK.ico
- <Current directory>\zwAk.exe
- <Current directory>\DwAc.ico
- <Current directory>\ncMo.exe
- <Current directory>\hYYU.ico
- <Current directory>\aQIA.ico
- <Current directory>\KwoK.ico
- <Current directory>\YsIa.exe
- <Current directory>\FgUu.ico
- <Current directory>\ZAUY.exe
- <Current directory>\sYUg.ico
- <Current directory>\hUoA.exe
- <Current directory>\NcYk.ico
- <Current directory>\FAIs.exe
- <Current directory>\vMka.exe
- <Current directory>\OMQq.exe
- <Current directory>\igMa.ico
- <Current directory>\AscQ.exe
- <Current directory>\osgE.ico
- <Current directory>\QYcU.exe
- <Current directory>\IsMy.ico
- <Current directory>\hgoq.exe
- <Current directory>\vQIG.ico
- from C:\RCX5D.tmp to <Current directory>\oYUY.exe
- from C:\RCX5C.tmp to <Current directory>\DQws.exe
- from C:\RCX5F.tmp to <Current directory>\lQIS.exe
- from C:\RCX5E.tmp to <Current directory>\zcoC.exe
- from C:\RCX59.tmp to <Current directory>\awcU.exe
- from C:\RCX58.tmp to <Current directory>\DscO.exe
- from C:\RCX5B.tmp to <Current directory>\Wsom.exe
- from C:\RCX5A.tmp to <Current directory>\pkAK.exe
- from C:\RCX60.tmp to <Current directory>\SAso.exe
- from C:\RCX66.tmp to <Current directory>\NoIE.exe
- from C:\RCX65.tmp to <Current directory>\sAIu.exe
- from C:\RCX68.tmp to <Current directory>\sUkK.exe
- from C:\RCX67.tmp to <Current directory>\dAUW.exe
- from C:\RCX62.tmp to <Current directory>\CkYk.exe
- from C:\RCX61.tmp to <Current directory>\LoMU.exe
- from C:\RCX64.tmp to <Current directory>\dwUG.exe
- from C:\RCX63.tmp to <Current directory>\RQIw.exe
- from C:\RCX4C.tmp to <Current directory>\IsAi.exe
- from C:\RCX4B.tmp to <Current directory>\jYYi.exe
- from C:\RCX4E.tmp to <Current directory>\FIYQ.exe
- from C:\RCX4D.tmp to <Current directory>\dgEI.exe
- from C:\RCX48.tmp to <Current directory>\foEe.exe
- from C:\RCX47.tmp to <Current directory>\cYcC.exe
- from C:\RCX4A.tmp to <Current directory>\jQMY.exe
- from C:\RCX49.tmp to <Current directory>\PkIK.exe
- from C:\RCX4F.tmp to <Current directory>\YIAS.exe
- from C:\RCX55.tmp to <Current directory>\GEIs.exe
- from C:\RCX54.tmp to <Current directory>\bkgG.exe
- from C:\RCX57.tmp to <Current directory>\Gsoo.exe
- from C:\RCX56.tmp to <Current directory>\KYAC.exe
- from C:\RCX51.tmp to <Current directory>\MQcq.exe
- from C:\RCX50.tmp to <Current directory>\IQkq.exe
- from C:\RCX53.tmp to <Current directory>\Rggo.exe
- from C:\RCX52.tmp to <Current directory>\LccI.exe
- from C:\RCX69.tmp to <Current directory>\Iwge.exe
- from C:\RCX80.tmp to <Current directory>\csEA.exe
- from C:\RCX7F.tmp to <Current directory>\AAsE.exe
- from C:\RCX82.tmp to <Current directory>\MQAm.exe
- from C:\RCX81.tmp to <Current directory>\fMAo.exe
- from C:\RCX7C.tmp to <Current directory>\YEgy.exe
- from C:\RCX7B.tmp to <Current directory>\tUoU.exe
- from C:\RCX7E.tmp to <Current directory>\EMUg.exe
- from C:\RCX7D.tmp to <Current directory>\nAwE.exe
- from C:\RCX83.tmp to <Current directory>\UUEE.exe
- from C:\RCX89.tmp to <Current directory>\SwAo.exe
- from C:\RCX88.tmp to <Current directory>\loUG.exe
- from C:\RCX8B.tmp to <Current directory>\qgkW.exe
- from C:\RCX8A.tmp to <Current directory>\wUci.exe
- from C:\RCX85.tmp to <Current directory>\kMsA.exe
- from C:\RCX84.tmp to <Current directory>\xEsI.exe
- from C:\RCX87.tmp to <Current directory>\NwIy.exe
- from C:\RCX86.tmp to <Current directory>\iMIk.exe
- from C:\RCX6F.tmp to <Current directory>\bYUo.exe
- from C:\RCX6E.tmp to <Current directory>\ncEM.exe
- from C:\RCX71.tmp to <Current directory>\bEIi.exe
- from C:\RCX70.tmp to <Current directory>\TIEo.exe
- from C:\RCX6B.tmp to <Current directory>\lksY.exe
- from C:\RCX6A.tmp to <Current directory>\EEoq.exe
- from C:\RCX6D.tmp to <Current directory>\coUc.exe
- from C:\RCX6C.tmp to <Current directory>\MwAW.exe
- from C:\RCX72.tmp to <Current directory>\nocG.exe
- from C:\RCX78.tmp to <Current directory>\zgkw.exe
- from C:\RCX77.tmp to <Current directory>\PAgi.exe
- from C:\RCX7A.tmp to <Current directory>\nEoI.exe
- from C:\RCX79.tmp to <Current directory>\BMQe.exe
- from C:\RCX74.tmp to <Current directory>\uAsa.exe
- from C:\RCX73.tmp to <Current directory>\fUQk.exe
- from C:\RCX76.tmp to <Current directory>\dAcY.exe
- from C:\RCX75.tmp to <Current directory>\cssM.exe
- from C:\RCX46.tmp to <Current directory>\eoge.exe
- from C:\RCX17.tmp to <Current directory>\JUgo.exe
- from C:\RCX16.tmp to <Current directory>\CQsi.exe
- from C:\RCX19.tmp to <Current directory>\RYMe.exe
- from C:\RCX18.tmp to <Current directory>\eMQi.exe
- from C:\RCX13.tmp to <Current directory>\bcQI.exe
- from C:\RCX12.tmp to <Current directory>\WYQs.exe
- from C:\RCX15.tmp to <Current directory>\QcQw.exe
- from C:\RCX14.tmp to <Current directory>\lEgs.exe
- from C:\RCX1A.tmp to <Current directory>\lAUs.exe
- from C:\RCX20.tmp to <Current directory>\pAMO.exe
- from C:\RCX1F.tmp to <Current directory>\ekYs.exe
- from C:\RCX22.tmp to <Current directory>\ncMo.exe
- from C:\RCX21.tmp to <Current directory>\dQsC.exe
- from C:\RCX1C.tmp to <Current directory>\ggwY.exe
- from C:\RCX1B.tmp to <Current directory>\vQoo.exe
- from C:\RCX1E.tmp to <Current directory>\aMAo.exe
- from C:\RCX1D.tmp to <Current directory>\zkoA.exe
- from C:\RCX6.tmp to <Current directory>\YMcC.exe
- from C:\RCX5.tmp to <Current directory>\zwku.exe
- from C:\RCX8.tmp to <Current directory>\NMcw.exe
- from C:\RCX7.tmp to <Current directory>\RAou.exe
- from C:\RCX2.tmp to <Current directory>\FYIQ.exe
- from C:\RCX1.tmp to <Current directory>\zYAc.exe
- from C:\RCX4.tmp to <Current directory>\XQQS.exe
- from C:\RCX3.tmp to <Current directory>\WkYy.exe
- from C:\RCX9.tmp to <Current directory>\yoIC.exe
- from C:\RCXF.tmp to <Current directory>\TkMW.exe
- from C:\RCXE.tmp to <Current directory>\csYC.exe
- from C:\RCX11.tmp to <Current directory>\nYUY.exe
- from C:\RCX10.tmp to <Current directory>\IIgy.exe
- from C:\RCXB.tmp to <Current directory>\LUwY.exe
- from C:\RCXA.tmp to <Current directory>\xskU.exe
- from C:\RCXD.tmp to <Current directory>\pYMy.exe
- from C:\RCXC.tmp to <Current directory>\sscO.exe
- from C:\RCX23.tmp to <Current directory>\zwAk.exe
- from C:\RCX3A.tmp to <Current directory>\KMkG.exe
- from C:\RCX39.tmp to <Current directory>\rMgm.exe
- from C:\RCX3C.tmp to <Current directory>\UAsk.exe
- from C:\RCX3B.tmp to <Current directory>\KMAM.exe
- from C:\RCX36.tmp to <Current directory>\GwQi.exe
- from C:\RCX35.tmp to <Current directory>\vIkI.exe
- from C:\RCX38.tmp to <Current directory>\Kwkq.exe
- from C:\RCX37.tmp to <Current directory>\ycco.exe
- from C:\RCX3D.tmp to <Current directory>\HMkc.exe
- from C:\RCX43.tmp to <Current directory>\UcMS.exe
- from C:\RCX42.tmp to <Current directory>\rAMK.exe
- from C:\RCX45.tmp to <Current directory>\RwcC.exe
- from C:\RCX44.tmp to <Current directory>\uMYC.exe
- from C:\RCX3F.tmp to <Current directory>\JEAG.exe
- from C:\RCX3E.tmp to <Current directory>\LUAI.exe
- from C:\RCX41.tmp to <Current directory>\iMEM.exe
- from C:\RCX40.tmp to <Current directory>\LMIs.exe
- from C:\RCX29.tmp to <Current directory>\AscQ.exe
- from C:\RCX28.tmp to <Current directory>\DIAw.exe
- from C:\RCX2B.tmp to <Current directory>\hgoq.exe
- from C:\RCX2A.tmp to <Current directory>\OMQq.exe
- from C:\RCX25.tmp to <Current directory>\ZgQe.exe
- from C:\RCX24.tmp to <Current directory>\Ikcu.exe
- from C:\RCX27.tmp to <Current directory>\jQsm.exe
- from C:\RCX26.tmp to <Current directory>\HAMu.exe
- from C:\RCX2C.tmp to <Current directory>\QYcU.exe
- from C:\RCX32.tmp to <Current directory>\CAIc.exe
- from C:\RCX31.tmp to <Current directory>\hUoA.exe
- from C:\RCX34.tmp to <Current directory>\gYYG.exe
- from C:\RCX33.tmp to <Current directory>\LQME.exe
- from C:\RCX2E.tmp to <Current directory>\ZAUY.exe
- from C:\RCX2D.tmp to <Current directory>\vMka.exe
- from C:\RCX30.tmp to <Current directory>\FAIs.exe
- from C:\RCX2F.tmp to <Current directory>\YsIa.exe
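- '20#.#19.204.12':666 (in this and the following addresses, '#' marks masked characters, so the values are partial and cannot be matched literally)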
- '19#.#86.45.170':666
- '74.##5.232.51':80
- '20#.#7.164.69':666
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- '19#.#86.45.170':9999
- 74.##5.232.51/
- DNS query (ASK): google.com
- ClassName: '' WindowName: 'Open'
- ClassName: '' WindowName: 'Run'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'WorkerW' WindowName: ''
- ClassName: 'DV2ControlHost' WindowName: ''
- ClassName: 'BUTTON' WindowName: 'START'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'mywMQEoQ'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'Windows Internet Explorer'
- ClassName: '' WindowName: 'Open File'